simplify: cache dirname(__DIR__), use str_starts_with, drop finfo object for mime_content_type()

2026-06-23 16:35:17 +00:00
parent bb21fca399
commit 72ba4743f9
+5 -5
@@ -29,17 +29,17 @@ if (!$row || !$row['file_path']) {
exit('No document on file.'); exit('No document on file.');
} }
$base = realpath(dirname(__DIR__) . '/uploads'); $root = dirname(__DIR__);
$path = realpath(dirname(__DIR__) . '/' . $row['file_path']); $base = realpath($root . '/uploads');
$path = realpath($root . '/' . $row['file_path']);
if (!$path || !$base || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) { if (!$path || !$base || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
http_response_code(404); http_response_code(404);
header('Content-Type: text/plain'); header('Content-Type: text/plain');
exit('File not found.'); exit('File not found.');
} }
$finfo = new finfo(FILEINFO_MIME_TYPE); $mime = mime_content_type($path);
$mime = $finfo->file($path);
$allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'application/pdf' => 'pdf']; $allowed = ['image/jpeg' => 'jpg', 'image/png' => 'png', 'application/pdf' => 'pdf'];
if (!isset($allowed[$mime])) { if (!isset($allowed[$mime])) {
http_response_code(403); http_response_code(403);
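Review bot: The containment guard on the `if (!$path || !$base || !str_starts_with($path, $base . DIRECTORY_SEPARATOR))` line carries no comment explaining why `DIRECTORY_SEPARATOR` is appended to `$base`, and in a commit whose purpose is to simplify this check that suffix is the piece most likely to be trimmed next. I would put `// Trailing separator is required: without it a sibling directory whose name merely begins with "uploads" would pass the prefix test.` directly above it. Separately, `str_starts_with()` exists only from PHP 8.0, so on an older runtime this line would be a fatal error on every request that reaches it; the project's minimum PHP version is not visible here and should be confirmed. The `if (!isset($allowed[$mime]))` block opens at the end of the hunk and its body continues outside it.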